Maturing ESG Program Management

Maturing ESG Program Management

With SEC reporting requirements looming on the horizon, companies are getting more serious about formalizing their Environmental, Social, and Governance (ESG) programs. Claire Feeney and Arsh Kaur from AuditBoard’s ESG team shine a light on this important new area of enterprise risk and share best practices for building an audit-ready ESG program, including:

  1. The ESG Program Management Lifecycle: 7 key steps including conducting the materiality assessment, selecting frameworks and/or topics, collecting data and metrics, and auditing the data and preparing the report. 
  2. Four key competencies for ESG success: factors to consider when building an ESG program.
  3. ESG Maturity Landscape: best practices for growing your own organization’s ESG maturity.

Watch the full conversation, and read the can’t-miss highlights below.

AuditBoard’s Claire Feeney and Arsh Kaur share best practices for building an audit-ready ESG program.

The ESG Landscape Today

Claire Feeney: First, we have evolving stakeholder expectations. Certainly, regulators and legislators that are passing new requirements or disclosure requirements are a stakeholder for us to look out for, but also important to keep in mind are customers that we have, employees that work in our businesses, investors that we may want to attract or retain, as well as increasingly, partners that we work with, other stakeholders in our supply chain, as well as the local communities that we operate in and where we have our customers and our employees. We can see that a vast majority of consumers really expect corporations to be actively shaping ESG best practices. This comes from some PwC research, great stats that to me say consumers aren’t really adopting the sit back and wait to see what might be required of companies someday or what might be legislated. They’re looking to companies to really set that best practice and shape ESG practices for themselves.


Your ESG teams are going to be asked to provide assurance that ESG data is accurate and that it’s ready for an external audit. Things like data centralization, evidence collection, having audit logs are going to be critical. More than half of executives are reporting that the data availability that they have is really a challenge that they’re seeing. They’re not sure if they can rely on the accuracy of data. Today, it might be risk to reputation and risk of greenwashing, but tomorrow we could have major consequences for compliance with certain laws and legislation, as well as damage to your reputation.


We’re seeing ESG becoming more and more a key part of risk management and, in turn, embedded in business strategy. Making sure that you’re prioritizing ESG as part of your risk management program means you’re able to advise the business about ESG risks and opportunities. Gartner research last year showed that there was 100% increase in boards that were prioritizing the category of ESG health and sustainability. Obviously it has board members’ attention, and it’s becoming increasingly embedded throughout the business.

The ESG Program Management Lifecycle

Claire Feeney: First, I wanted to share this ESG program management lifecycle. Although on the slide it’s presented in a line and is numbered, we rarely see someone follow this exact path. This is a consensus of different activities, different categories, that make up an overall ESG program.

Arsh Kaur: At a high level, materiality assessment is a process that helps company organizations identify and prioritize the most relevant ESG factors for their business and stakeholders. Companies really utilize this process to ensure that they’re focusing their efforts on the issues that have the greatest potential impact on their sustainability, financial performance, and reputations. In turn, it helps those teams run a more effective ESG program. No two materiality assessments or levels of importance would look the same for different companies — it would vary widely for different industries and verticals.


Next, based on that materiality and based on what’s important for your organization, identify any reporting frameworks or important topics in the ESG universe to track. I’m about to throw a lot of alphabet soup around here now, but, in my experience, working with ESG across industries and regions, there are several frameworks that are frequently used to guide and measure ESG moments. 

  • There’s Global Reporting Initiative (GRI), which provides comprehensive sustainability reporting standards. 
  • Sustainability Accounting Standards Board (SASB) offers industry-specific ESG metrics that are more focused on financial materiality
  • Task Force on Climate Related Financial Disclosures (TCFD) helps organizations assess and report on climate related risks and opportunities. 

Those are the three most common ones that I encounter. But, I’ve also worked with companies that align with the UN SDGs, which are the United Nation’s Sustainability Development Goals. They really offer a global framework for addressing key social, economic, and environmental challenges. I’ll mention one more, the Carbon Disclosure Project (CDP), which can be considered a framework and a rating provider, but CDP really enables organizations to measure and manage their environmental impacts. What I’ve noticed is that these frameworks are sometimes used individually, but more often they’re used in combination. That all depends on an organization’s specific needs and objectives.

Claire Feeney: Next, collect all the ESG data and metrics. This can come from internal or external sources, as required by the frameworks selectedand what should be material to your business. You’ll also want to establish a baseline. A lot of teams that we work with maybe understand what is material, have some frameworks, have collected data, but that is very time consuming. They haven’t yet reached the next step of going in, doing a baseline, understanding where they want to go, and setting goals with the analysis of their data. That’s a big next step where a lot of people are not, I wouldn’t say stuck, but have found themselves wondering how they can move the needle forward because collecting your data and understanding what’s material is such a big chunk of getting started.


You’ll also want to make sure your data is accurate, that you know where it’s coming from, that it’s ready for any kind of public disclosures or commitments that you’re looking to make. 


You’ll want to create your action plan, operationalize this program, put it to work. You’ll have to get buy-in from stakeholders and perhaps executive sponsors for you to have the impact and, again, embed ESG in what you want to do throughout your organization.


Then, of course, we’ll want to monitor — whether it’s month over month, quarter over quarter, year over year — depending on what’s material for your business, making sure you’re flagging any risks, mitigation needs, communicate the progress. Continue that buy-in from internal stakeholders in your business, and keep them updated, hopefully, on the great progress and impact that your organization is making.

2023 ESG Maturity Benchmarking Report

Four Key Competencies for ESG Success 

Claire Feeney: Looking at the elements of a program, there’s obviously a lot that you could be doing. Maybe you’ve done a materiality assessment, but the last one you did was three years ago, and you’re not really sure when the next one will be. Or, maybe you’ve started collecting ESG data, but you’re really only looking at certain areas, maybe on the environmental impact of your business, and you haven’t really delved into the S and the G as of yet. When we break it down we’ve defined four different areas where we feel we can measure competencies in ESG and really assess maturity of an ESG program. 

  1. First we look at is ESG investment and processes. What investments has your organization made in things like ESG headcounts, in establishing processes that are repeatable, and scalable, and also in technology that you may have invested in to help aid these processes and the ESG sustainability teams that you have? 
  2. Next, we take a look at ESG breadth and depth. Every time I have to say that in front of an audience, I think we should have gone with the alternative name, but I think this is the most descriptive. There’s obviously a lot of different topics and things your organization can focus on across the E, the S, and the G. What is your breadth in covering those topics and what is the depth that you’re going into in each of those? Are you looking at things like your carbon footprint, the water and the energy, maybe the renewable energy sources that you’re using, any biodiversity impacts, things like that? What are you looking at and how deep are you going into those different areas? Also, how are you engaging with your stakeholders? There are many different stakeholders, just like there are many different topics across ESG. Are you looking maybe just at your customers as stakeholders or are you actually diving deep and looking at your employees, your customers, your community, and getting their input to determine what’s material for your business as well? 
  3. The next category or area that we look at is around reporting and disclosures. Have you published a sustainability report? What have you publicly disclosed? Have you made any commitments or shared ratings publicly? What frameworks are you aligning to? 
  4. Last, we have governance and controls. How is your organization managing compliance, audits, data governance, to ensure the accuracy of the ESG information that you’re putting into those reports? And, again, sharing out with your stakeholders.

ESG Maturity Landscape

Claire Feeney: Then based on the answers to these four categories of questions, we are able to map out where organizations fall for each of those categories in what we’ve called fundamental, efficient, strategic, or groundbreaking categories

  • When you look at fundamental, this is the very baseline. You may be checking the box on some compliance, you may be able to provide ESG data and on an as needed basis. 
  • Then you move up to efficiency, this is where you have more of a defined managed process for collecting your ESG data. You may be delving into reporting and disclosures. 
  • In strategic, this is where we start to see different activities and investment levels that indicate that your ESG program is seen as a competitive differentiator, a way to differentiate yourself in the market with the different stakeholders that you have, and you’re starting to embed ESG thinking and strategies throughout your organization. With risk management, but also your internal audit teams may be involved, investor relations, maybe even marketing or PR is involved. They’re all starting to think of things with an ESG lens. 
  • When we move into a groundbreaking category, this is really where we see companies and organizations that are setting the standard in these four different categories. They have new ideas, they have a really strong audit or control process, a lot of thought has gone into the governance, and they have a long-term plan to execute and operationalize their ESG program.

Arsh Kaur: I’ll wrap up by talking a little bit about the different use cases that people look to solve for as they’re looking to mature their ESG program management? Technology plays such a crucial role in helping companies manage their ESG programs more effectively.

  • For starters, it helps simplify data management by streamlining the collection, aggregation, and validation of data from various sources, which not only saves time, but it also improves accuracy.
  • Beyond data management, technology helps organizations analyze ESG data, uncovering trends and insights that can inform smarter strategic decisions. It can also support benchmarking and goal setting by allowing companies to track their progress and compare their performance to industry peers or relevant standards.
  • When it comes to reporting and disclosure, technology can make it easier to create consistent and transparent reports that align with the different ESG frameworks. Lastly, these digital tools foster really, really good collaboration and stakeholder engagement.
  • It’ll help centralize communication and also you can ensure that everyone in the organization is on the same page when it comes to ESG goals and initiatives.

By embracing technology, companies can not only streamline their ESG management processes, but they can also make more informed decisions that ultimately lead to more impactful sustainability outcomes — which is really the end goal.

Looking for more thought leadership? Check out our on-demand webinar library, and stay tuned for more Expert Insight videos featuring insutry leaders and experts discussing timely issues, insights, and experiences.